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Abstract 


Today’s advanced vehicles contain numerous sensors and exhibit a 
high degree of interactions among vehicle’s components (e.g., 
sensors, devices, systems, systems- of-systems) across sensing, 
communication, and control layers. While driving on the road, 
hackers only need to be within communication range of the vehicle to 
attack it. In this article, we discuss the On-Board Diagnostic (OBD) 
new regulations , OBD system vulnerabilities and the latest vehicle 
cyber security threats that include malware attacks. We propose three 
cybersecurity attack detection and defense methods: Cyber-Attack 
detection algorithm, Time-Based CAN Intrusion Detection Method 
and, Feistel Cipher Block Method. These control methods 
autonomously diagnose a cybersecurity problem in a vehicle’s 
onboard system using an OBD interface, such as OBD-II when a fault 
caused by a cyberattack is detected, All of this is achieved in an 
communication structure where the vehicle sensors and onboard 
ECUs are connected with each other via an internal network. The 
results discussed here focus on the first detection method that is 
Cyber-Attack detection algorithm. 


Index Terms—hybrid electric vehicle, onboard diagnostic, 
autonomous connected vehicle, cybersecurity, control algorithm, 
battery electric vehicle 


Introduction 


Until recently, vehicles have been isolated from the internet. The only 
exception was the interface for vehicle diagnostics with OBD-II port 
being a wired interface, OBD-II port could rely on the physical 
protection offered by the vehicle’s chassis, like the electronic control 
units (ECUs) and the in-vehicle network (IVN). But things are 
changing rapidly. Most modern vehicles already allow smartphones 
to be paired via Bluetooth with the car’s entertainment system for 
hands-free phone calls or to play music. And it doesn’t stop there. 
Many modern vehicles are wirelessly connected to the internet which 
not only enables additional services in the car but also provide remote 
control over the vehicle such as remote unlocking and starting. To 
improve safety, these cars will furthermore be equipped with eCall 
and V2X communication technologies, complemented by ADAS 
systems that offer advanced driving assistance features and 
ultimately, autonomous driving. 


These days, autonomous vehicles (AV) driving without the 
intervention of a driver use onboard software applications to identify 
driving conditions. AVs now have the ability to diagnose and check 
for any hazard causing events using various kinds of sensors installed 
in the vehicle. These complex diagnostic functions are achieved with 
Electronic Control Units (ECUs), ECU’s play a critical role in 
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today’s vehicle and hence its rationality along with complex sensors, 
actuators and onboard system software ought to be ensured in order 
to protect for vehicle safety. 


A handful of extensively advertised attacks has demonstrated 
vulnerability, consisting of a 2014 occurrence entailing an OEM. 
Hackers looking to expose possible vulnerabilities found a password 
to a Wi-Fi hot spot as well as cellular connections made use of 
vehicle’s main screen and entertainment system. From there, they 
accessed the vehicle’s interior computer network and also took 
control of functions ranging from the door locks and also window 
wipers to electronically assisted steering. This event recalled 1.4 
million vehicles and worked as a cautioning to the market that 
vehicle networks are no longer islands unto themselves. 


From the regulation’s perspective, government agencies have started 
to address cybersecurity threats by establishing regulations that are 
not specific to AVs, conducting further research right into 
cybersecurity dangers for AVs and all vehicles in general, as well as 
giving standards. Some federal governments such as that of the UK 
and also Singapore have actually additionally started informing the 
general public of cybersecurity threats, whereas the federal 
governments of Japan and also South Korea have yet to suggest their 
intents to attend to cybersecurity risks. In the US, the federal 
government has actually taken actions to explore vehicle 
cybersecurity risks and has made recommendations to handle AV- 
specific cybersecurity threats. In 2012, the National Highway Web 
Traffic Safety And Security Management (NHTSA) [1] set up a new 
department to research "safety and security, security, and reliability 
of facility, adjoined, electronic vehicle systems" as well as has set up 
an Electronic devices Council to enhance partnership throughout the 
entire NHTSA organization concerning automobile electronic devices 
and cybersecurity . 


The current OBD regulations in U.S. requirements [2] enforced by 
California Air Resources Board (CARB) do not cover zero emission 
vehicles (ZEV), such as battery electric vehicles (BEV). With the 
quick innovations in battery modern technologies, such as raised 
power density, improved reliability, reduced degradation, and 
improved battery management systems, as well as enhances in motor 
modern technology performance recently, BEVs are now strong 
competitors for vehicles with traditional powertrain systems among 
consumers without extended driving needs and are expected to 
expand in market shares in the coming years. With an upward trend 
of even more consumers driving BEVs, it is reasonable to predict a 
gain from industry standardization for the tracking and reporting 
requirements for BEV electrical propulsion systems. In addition, 
some lawmakers [2] have actually already begun to make proposals 
to mandate monitoring and also reporting requirements on the on- 
board systems in BEVs. 


corresponding cybersecurity DTC is set and stored in the memory 
once the attack is confirmed and also a notification is sent to the 
customer on the vehicle dashboard of a possible Cyber-Attack on the 
vehicle . 


Cyber-Attack detection algorithm solution on the CAN bus is only 
viable if it addresses the following constraints: 


e No change in the CAN-bus protocol (1.e., change to 
message headers or additional messages) 

e Restrict the number of times an attacker can attempt to send 
a forged message, as well as the number of authenticated 
messages that the attacker can view (while attempting the 
forgery) 

Zero overhead 
Minimal performance impact 
Allow recovery after reboot (of receiver and senders) 


The method 1 algorithm that is Cyber-Attack detection algorithm has 
to be further evaluated for the following above constrains and 
compared with the other methods such as Time-Based CAN Intrusion 
Detection Method and Feistel Cipher block method which will be 
discussed in future works. 


Summary/Conclusions 


In this paper, a novel Cyber-Attack detection method and a fault- 
tolerant operation control algorithm solution are proposed for Simple 
Spoofing Attack. The fault detection method is simple for 
implementation and it can locate the faulty ECU by analyzing CAN 
data , CAN_ID and the vehicle drive state. The fault-tolerant 
capability has been achieved by analyzing the characteristics of the 
CAN signals . The robustness of the detection can be further 
improved by adding a second layer of check where in the second-step 
detection rule includes a rule for detecting a sign of an abnormality 
assumed to be an attack by performing state transition analysis or 
time-series (sequence pattern) analysis using a series of received 
electronic control commands (CAN IDs) as discussed in the time 
based CAN intrusion detection methods. The performance of the 
time-based methods and Feistel Cipher block method with improved 
deep learning models can improve the use case and efficiency of the 
detection. These methods and its algorithm performance results will 
be further discussed in future works. 
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